<

Deploying Printers with Group Policy using security filtering

Published on
16,239 Points
10,039 Views
2 Endorsements
Last Modified:
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that.

In this Article I'll show how to deploy printers automatically with group policy and then using security filtering to only deploy the group policy to members of a particular security group.

To follow these steps I will be assuming that you have already setup a windows print server. In the example below I have used a windows 2003 virtual server in a 2003 AD Domain.

Install the printer on the print server as you would any other network printer. Create a new global group that will be given access to the GPO and thus the printer

Then create your GP object:
Create a new GP object with appropriate name
Go to User ConfigurationWindows Settings – and open Logon
Click on showfiles (Fig 1)and copy the file pushprinterconnections.exe into there (52KB)
Figure 1

Then click add and on script name type in pushprinterconnections.exe  (Fig 2) and click OK
 Figure 2
Giving appropriate access:
In the GPOE select the OU the GPO is under and expand on the left until you can click on the GP (fig.3)

Figure 3On the right hand side on the scope tab look below to see Security Filtering
Remove "Authenticated Users"
Add the global group you want to give access to the Group Policy
Deploying the printer on the print server:
In the printer management console right click the printer and click Deploy via group policy(fig 4)

 Figure 4
Click Browse and navigate to your newly created GPO  (Fig .5)


 Figure 5Select so that the GP only applies on the (per user)  (Fig .6)

Figure 6Click Add
You should get a screen that says the printer has been successfully deployed
Reboot once or twice and your printer will be installed automatically wherever you logon.

Hope you will find this Article helpful for your own printer deployments.
2
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:rxdeath
wow that's way more complicated than what i do, i just add

rundll32 printui.dll,PrintUIEntry /in /n "\\printserver\printer

to their logon script in sysvol, works great, easy to manage and don't have to fiddle with group policy
0
 
LVL 7

Author Comment

by:eugene20022002
Thanx for the input.
The purpose of the article is to automatically deploy printers based on which security group you belong to.
It gives you way more flexibility and control over which users get which printers.
Where as deploying it via login script limits you and you really dont want many different login scripts just to deploy a printer to a different ou.
Much harder to administer I think.
0
 
LVL 3

Expert Comment

by:rxdeath
sorry i re-read my comment and it came off way more negative then i intended, i should have asked, what the advantages of your way vs over the login script way.

our environment has about 30 offices that logon to our tserv, and based off their 3 letter office code (matching the name of the logon script), everyone in that office gets the same printers.  so would this maybe apply to my situation better if i had someone in an office that might have special needs/restrictions, or travels to other offices in our company?  or possible an office setup that isn't a free love about their printer setup as we are?  i'm just confused because it seems like adding a gpo is the same amount of work as a quick login script, and (i know i'm a wuss)  i don't like fiddling with gpos

thank you for your time and being nice even though even i think i sounded like a jerk at first :)
0
 
LVL 7

Author Comment

by:eugene20022002
It would apply in an environment in where you need to have more control. Where not all users in a department share the same printer. Perhaps different departments or offices have different budgets. For example sometimes a user or group of users would abuse a printer and this way its much easier to simple remove them from a group than to create a whole new OU just for them.
Sometimes you may only want certain people to have access to the expensive color printer , and this way it would be as simple as adding or removing them from a security group.
This way takes a short while to setup if you want to do things right the first time, but once you did , managing them afterwards would be easier.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Join & Write a Comment

How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month